Revisiting Logic Obfuscation Using Cellular Automata.

Logic obfuscation has evolved as a promising countermeasure against IP piracy. The Finite State Machine (FSM) is often obfuscated in a sequential circuit using suitable strategies. One such strategy proposed to obfuscate each state transition of the FSM using a class of non-group additive cellular automata (CA) called \(D1\,*\,CA\) and \(D1\,*\,CA_{dual}\). This CA-based obfuscation strategy conceals the FSM states, providing high testability hence eliminating the requirement of any scan-based Design-for-Testability techniques. However, utilizing the information leaked by the implemented FSM observable externally, an end-to-end attack strategy (named ORACALL) was proposed. It could extract the secret key for each transition of the CA-based obfuscated FSM along with the CA state encodings of the FSM states. In this work, we investigate the root cause of the success of ORACALL on a CA-based obfuscation strategy. Utilizing those findings, we propose a couple of mitigation techniques by appending non-linearity to the existing CA structure along with a slight modification of the \(D1\,*\,CA\) rule vector. Experimental validation proves that these simple yet effective countermeasures could thwart ORACALL while preserving the elegance of the underlying structure of the CA-based obfuscation technique with minimal overhead.KeywordsLogic lockingCellular automataORACALLNon-linearity